What is Heartbleed Attack: that raised eyebrows of entire Internet User across the World

What is Heartbleed security attack?

Heartbleed bug is security attack that raised eyebrows of the entire internet user across the world. Heartbleed bug has been found in openSSL cryptography library. This  library  provides data encryption and cryptography technique to ensure data security at transport layer on internet. It is programming error in OpenSSL that exposes user’s data including credential, user name, password and other user’s important data to hackers.

This issue has come in limelight after openSSL pressed this bug in public on 7^th April 2014. Just after couple of days, expert stirred the world by saying, this issue is from last 2 years.

What actually Heartbleed  bug might be?

I am not networking expert but having knowledge of network layer and network security, here is certain prediction that can depict where and what can be issue by doing certain work around and going through source information.

It might be only one or two line code in openSSL library where payload coming from user not has been counted. So openSSL library allows users to access extra memory space that might contain user important data including user name, password and other credential information.

Hacker can send small payload to server and with showing more memory size. As openSSL library is not counting actual payload message size, it allow hackers to get access for extra memory space. Ensue of this data get visible to hackers.

What is Heartbleed bug impact?

Many websites are using openSSL library for security and data encryption; including tech companies, banking service provider, and many more websites that mainly deal with users credential for their primary uses.

The Federal Financial Institutions Examination Council (FFIEC) has already advised to the banking website to ensure data security, addition to that FFIEC provided step to protect and to prevent exposing user’s data. Many banking website has hired vendors that have ample knowledge of openSSL and Heartbleed attack.  Canada government is transparent over Heartbleed Bug and saying that all public websites should have been closed which are not using patched openSSL library.

 Who is responsible for Heartbleed attack?

This bug has been discovered by Codenomicon as well as Google Engineers. From openSSL spoke person, Seggelmann was working on openSSL had fixed many bugs and added many more features in openSSL library. He admitted that two years back, while working on one of the feature he had made certain changes in code that leads to Heartbleed vulnerability.  Mere thing is that even tester had not noticed this bug.
There are only 2-3 engineers working on openSSL. They are not doing for fame or money but for sake of responsibility. It’s really shocking to know as whole world is rely on the security provided by only  these 2-3 engineers working on openSSL.

How can you protect yourself from Heartbleed security attack?

It is recommended to change password after every 10-15 days. But it is not going to work 100% as hacker can hack your important credential and password again by Heartbleed attack.
Its better, before using your credential on any web service or any website, contact service provider or website admin to ensure…

• Are service provider aware about Heartbleedb bug ?
• What action they have taken for this?
• Are their service patched up and certified by openSSL security?